CLOUDP-266544: Revert local credentials support (#1806)

* Revert "CLOUDP-266544: Support local resource credentials (#1782)"

This reverts commit 8dbdcbf.

* Use project creds again

config/crd/bases/atlas.mongodb.com_atlasdatabaseusers.yaml

@@ -66,18 +66,6 @@ spec:
                 - USER
                 - ROLE
                 type: string
-              connectionSecret:
-                description: A reference to an object in the same namespace as the
-                  referent
-                properties:
-                  name:
-                    description: |-
-                      Name of the resource being referred to
-                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                    type: string
-                required:
-                - name
-                type: object
               databaseName:
                 default: admin
                 description: DatabaseName is a Database against which Atlas authenticates

internal/translation/dbuser/conversion.go

@@ -68,7 +68,6 @@ func (u *User) clearedSpecClone() *akov2.AtlasDatabaseUserSpec {
 	clone.Project.Name = ""
 	clone.Project.Namespace = ""
 	clone.PasswordSecret = nil
-	clone.ConnectionSecret = nil
 	return &clone
 }
 

internal/translation/dbuser/conversion_test.go

@@ -9,7 +9,6 @@ import (
 
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/timeutil"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/translation/dbuser"
-	"github.com/mongodb/mongodb-atlas-kubernetes/v2/pkg/api"
 	akov2 "github.com/mongodb/mongodb-atlas-kubernetes/v2/pkg/api/v1"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/pkg/api/v1/common"
 )
@@ -394,7 +393,6 @@ func TestDiffSpecs(t *testing.T) {
 					spec.Project.Name = "some-project"
 					spec.Project.Namespace = "some-namespace"
 					spec.PasswordSecret = &common.ResourceRef{Name: "some-secret-ref"}
-					spec.ConnectionSecret = &api.LocalObjectReference{Name: "some-local-secret-ref"}
 					return spec
 				}(),
 			},
@@ -410,7 +408,6 @@ func TestDiffSpecs(t *testing.T) {
 					spec.Project.Name = "another-project"
 					spec.Project.Namespace = "another-namespace"
 					spec.PasswordSecret = &common.ResourceRef{Name: "another-secret-ref"}
-					spec.ConnectionSecret = &api.LocalObjectReference{Name: "another-local-secret-ref"}
 					return spec
 				}(),
 			},

pkg/api/v1/atlasdatabaseuser_types.go

@@ -52,8 +52,6 @@ const (
 
 // AtlasDatabaseUserSpec defines the desired state of Database User in Atlas
 type AtlasDatabaseUserSpec struct {
-	api.LocalCredentialHolder `json:",inline"`
-
 	// Project is a reference to AtlasProject resource the user belongs to
 	Project common.ResourceRefNamespaced `json:"projectRef"`
 
@@ -298,10 +296,6 @@ func (p *AtlasDatabaseUser) WithDeleteAfterDate(date string) *AtlasDatabaseUser
 	return p
 }
 
-func (p *AtlasDatabaseUser) Credentials() *api.LocalObjectReference {
-	return p.Spec.Credentials()
-}
-
 func DefaultDBUser(namespace, username, projectName string) *AtlasDatabaseUser {
 	return NewDBUser(namespace, username, username, projectName).WithRole("clusterMonitor", "admin", "")
 }

pkg/controller/atlasdatabaseuser/databaseuser.go

@@ -48,11 +48,7 @@ func (r *AtlasDatabaseUserReconciler) handleDatabaseUser(ctx *workflow.Context,
 		return r.terminate(ctx, atlasDatabaseUser, api.DatabaseUserReadyType, workflow.Internal, true, err)
 	}
 
-	credentialsSecret, err := customresource.ComputeSecret(atlasProject, atlasDatabaseUser)
-	if err != nil {
-		return r.terminate(ctx, atlasDatabaseUser, api.DatabaseUserReadyType, workflow.AtlasAPIAccessNotConfigured, true, err)
-	}
-	sdkClient, _, err := r.AtlasProvider.SdkClient(ctx.Context, credentialsSecret, r.Log)
+	sdkClient, _, err := r.AtlasProvider.SdkClient(ctx.Context, atlasProject.ConnectionSecretObjectKey(), r.Log)
 	if err != nil {
 		return r.terminate(ctx, atlasDatabaseUser, api.DatabaseUserReadyType, workflow.AtlasAPIAccessNotConfigured, true, err)
 	}

pkg/controller/atlasproject/atlasproject_controller_test.go

@@ -36,7 +36,7 @@ import (
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/pkg/indexer"
 )
 
-func TestReconcile(t *testing.T) {
+func TestRenconcile(t *testing.T) {
 	tests := map[string]struct {
 		atlasClientMocker func() *mongodbatlas.Client
 		atlasSDKMocker    func() *admin.APIClient

pkg/controller/customresource/customresource.go

@@ -4,12 +4,13 @@ import (
 	"context"
 	"fmt"
 
-	"github.com/Masterminds/semver"
 	"go.uber.org/zap"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
 
+	"github.com/Masterminds/semver"
+
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/pkg/api"
 	akov2 "github.com/mongodb/mongodb-atlas-kubernetes/v2/pkg/api/v1"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/pkg/controller/workflow"
@@ -138,20 +139,3 @@ func SetAnnotation(resource api.AtlasCustomResource, key, value string) {
 	annot[key] = value
 	resource.SetAnnotations(annot)
 }
-
-func ComputeSecret(project *akov2.AtlasProject, resource api.ResourceWithCredentials) (*client.ObjectKey, error) {
-	if resource == nil {
-		return nil, fmt.Errorf("resource cannot be nil")
-	}
-	creds := resource.Credentials()
-	if creds != nil && creds.Name != "" {
-		return &client.ObjectKey{
-			Namespace: resource.GetNamespace(),
-			Name:      creds.Name,
-		}, nil
-	}
-	if project == nil {
-		return nil, fmt.Errorf("project cannot be nil")
-	}
-	return project.ConnectionSecretObjectKey(), nil
-}

pkg/controller/customresource/customresource_test.go

@@ -6,14 +6,11 @@ import (
 
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/pkg/api"
 	akov2 "github.com/mongodb/mongodb-atlas-kubernetes/v2/pkg/api/v1"
-	"github.com/mongodb/mongodb-atlas-kubernetes/v2/pkg/api/v1/common"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/pkg/api/v1/status"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/pkg/version"
 
 	"github.com/stretchr/testify/assert"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/types"
-	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
 func TestResourceShouldBeLeftInAtlas(t *testing.T) {
@@ -230,102 +227,3 @@ func TestResourceVersionIsValid(t *testing.T) {
 		})
 	}
 }
-
-func TestComputeSecret(t *testing.T) {
-	for _, tt := range []struct {
-		name         string
-		project      *akov2.AtlasProject
-		resource     api.ResourceWithCredentials
-		wantRef      *types.NamespacedName
-		wantErrorMsg string
-	}{
-		{
-			name:         "nil inputs fails with resource cannot be nil",
-			wantErrorMsg: "resource cannot be nil",
-		},
-
-		{
-			name: "nil project ignored if resource is set",
-			resource: &akov2.AtlasDatabaseUser{
-				ObjectMeta: metav1.ObjectMeta{Namespace: "local"},
-				Spec: akov2.AtlasDatabaseUserSpec{
-					LocalCredentialHolder: api.LocalCredentialHolder{
-						ConnectionSecret: &api.LocalObjectReference{Name: "local-secret"},
-					},
-				},
-			},
-			wantRef: &client.ObjectKey{
-				Name:      "local-secret",
-				Namespace: "local",
-			},
-		},
-
-		{
-			name:         "nil resource and empty project fails",
-			project:      &akov2.AtlasProject{},
-			wantErrorMsg: "resource cannot be nil",
-		},
-
-		{
-			name:     "when both are set empty it renders nil",
-			project:  &akov2.AtlasProject{},
-			resource: &akov2.AtlasDatabaseUser{},
-		},
-
-		{
-			name: "empty resource and proper project get creds from project",
-			project: &akov2.AtlasProject{
-				Spec: akov2.AtlasProjectSpec{
-					Name:                    "",
-					RegionUsageRestrictions: "",
-					ConnectionSecret: &common.ResourceRefNamespaced{
-						Name:      "project-secret",
-						Namespace: "some-namespace",
-					},
-				},
-			},
-			resource: &akov2.AtlasDatabaseUser{},
-			wantRef: &client.ObjectKey{
-				Name:      "project-secret",
-				Namespace: "some-namespace",
-			},
-		},
-
-		{
-			name: "when both are properly set the resource wins",
-			project: &akov2.AtlasProject{
-				Spec: akov2.AtlasProjectSpec{
-					Name:                    "",
-					RegionUsageRestrictions: "",
-					ConnectionSecret: &common.ResourceRefNamespaced{
-						Name:      "project-secret",
-						Namespace: "some-namespace",
-					},
-				},
-			},
-			resource: &akov2.AtlasDatabaseUser{
-				ObjectMeta: metav1.ObjectMeta{Namespace: "local"},
-				Spec: akov2.AtlasDatabaseUserSpec{
-					LocalCredentialHolder: api.LocalCredentialHolder{
-						ConnectionSecret: &api.LocalObjectReference{Name: "local-secret"},
-					},
-				},
-			},
-			wantRef: &client.ObjectKey{
-				Name:      "local-secret",
-				Namespace: "local",
-			},
-		},
-	} {
-		t.Run(tt.name, func(t *testing.T) {
-			result, err := ComputeSecret(tt.project, tt.resource)
-			if tt.wantErrorMsg != "" {
-				assert.Nil(t, result, nil)
-				assert.ErrorContains(t, err, tt.wantErrorMsg)
-			} else {
-				assert.Equal(t, result, tt.wantRef)
-				assert.NoError(t, err)
-			}
-		})
-	}
-}

pkg/operator/builder.go

@@ -262,14 +262,14 @@ func (b *Builder) Build(ctx context.Context) (manager.Manager, error) {
 		return nil, fmt.Errorf("unable to create controller AtlasFederatedAuth: %w", err)
 	}
 
-	streamsInstanceReconciler := atlasstream.NewAtlasStreamsInstanceReconciler(
+	streamsInstanceReconiler := atlasstream.NewAtlasStreamsInstanceReconciler(
 		mgr,
 		b.predicates,
 		b.atlasProvider,
 		b.deletionProtection,
 		b.logger,
 	)
-	if err = streamsInstanceReconciler.SetupWithManager(mgr, b.skipNameValidation); err != nil {
+	if err = streamsInstanceReconiler.SetupWithManager(mgr, b.skipNameValidation); err != nil {
 		return nil, fmt.Errorf("unable to create controller AtlasStreamsInstance: %w", err)
 	}